By way of brief background, conventional authentication of a user input to a device is “key and lock” type authentication, e.g., a user inputs a password (key) that results in an unlock of a functionality (lock) where the password is determined to match a password on file. More advanced conventional systems can use a multifactor authentication, e.g., two or more pieces of information can be checked (two keys are checked). In some typical multifactor systems, the second key is often a time sensitive code to which only the user is expected to have access. These technologies, however, do not address non-user sources of the keys and, as such, are susceptible to failure. More generally, where input(s) are treated as attributable to only one source, and therefore given a measure of trust, this measure of trust can be leveraged to circumvent typical security measures. As an example, a first user's spoken password can be recorded and then used by a second user to gain improper access premised on an assumption that only the first user will have the voice associated with the first user. This example can also be expanded to multifactor authentication, e.g., the second user can have the first user's mobile device and the recorded password, where the mobile device has the second key and the first key is spoofed with the recorded voice, the security measures are again defeated.